[Live] Activity Feed
It was requested in the forums and it's sort of a hybrid upgrade of recent edits/articles blocks like you would see in a CMS and a facebooky news feed. For now it appears in the wiki sidebar.
The feed checks asynchronously every minute or so if new content of any type (frequency of checking and types checked can be controlled in the AdminCP) and adds an alert to the feed. We require the user to click the alert to load the new activity so that the content doesn't jump down the screen while the user is reading. The user can also read further past activity by clicking a button at the bottom of the feed.
There are two types of feeds: the global feed and the relative feed. The global feed shows activity throughout the whole wiki and is the default shown no matter what page you're on. This way if there's activity somewhere else you need to respond to, the information is right there. The relative feed only appears as an alternate view for certain page types that might have child pages (areas, books, categories, groups), and as you might expect only shows activity that is below the current page in the wiki hierarchy. We opted not to have an additional view for a feed relating only to the current page because that information is already easily available since you are on the page.
We added some "security" measures in here:
In the process of writing the conversation for this feature, discovered and fixed an XSS vulnerability in VaultWiki 4's input processing.
The frequency is not set by code embedded in the HTML on the current page. This prevents users from changing the frequency to a very low number and overloading your site with AJAX requests. While it's still possible to fiddle with the DOM through some browsers' developer tools and change the value that way, we made sure to reset the value on every request.
Also, say the user leaves their browser open on a particular page for a whole week (I'm one of those people). Much of that time they might be away from the computer and probably the page, so we don't want to be performing AJAX requests to make alerts that entire time, especially when the user isn't even seeing most of them. After an hour of browser inactivity, the feed stops checking for new updates. If the user returns after an hour and wants to update the feed, they will be prompted to reload the page.
For those who wanted a true "live" feed, sorry. In order to do this, we need to assume you have a machine with a Flash XMLSocket application like BlazeDS installed, and then we would need to tell PHP how to send messages using that application. This would be another big project and we might revisit it in the future if we add more "live" functions. Because most PHP installations have script timeouts, long-polling was not really an option (we would have to send another AJAX request every 30 seconds anyway).
Anyway, still have to phrase the feed contents, and like everywhere else, still need to have someone do the icons for the various content types.